Limiting a user to scp and not ssh

Author: Mike
Date:  
Subject: Limiting a user to scp and not ssh
I seem to recall a setup which uses the keys in ssh to restrict
access. I think I read this in SysAdmin a few (many?) months ago.
Not sure if this would apply to your situation, but it may warrant
further investigation.

v/r
Mike
On Thu, Jun 20, 2002 at 09:41:07AM -0700, Bill Warner wrote:
You're probably better off just setting their shell to /bin/false in
/etc/passwd.

If there is ever any kind of security hole in scp that someone could
exploit they could get in to your box with your current setup.

Bill Warner

On Wed, 2002-06-19 at 18:48, Matt Alexander wrote:
> I'm trying to configure a box so people can scp files to it, but can't
> actually ssh in. I created a script named scpsh with this in it:
>
> #!/bin/sh
> # Login shell: ignore any command the client sent and run scp in sink (-t) mode
> exec /usr/bin/scp -t "$HOME"
>
>
> Then I added scpsh to /etc/shells and made it their shell in
> /etc/passwd.
> So now users can use scp to copy files over just fine, but when they try
> to ssh, it sits there until they hit a key, at which point they get:
>
> scp: protocol error: unexpected <newline>
> Connection to 1.2.3.4 closed.
>
>
> Is this the best way to handle this? Is there a better way that anyone
> knows of?
> Thanks,
> ~M
>
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

--
Bill Warner
Unix/Linux Admin.
Direct Alliance Corporation

Company required stuff:

Contents are Direct Alliance Corporation Confidential

This message is for the designated recipient(s) only and contains
Direct Alliance Corporation privileged and confidential information.
If you have received it in error, please notify the sender immediately
and delete the original. Any other use of this email is prohibited.

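
Added example, not part of any message in this thread: one way to restrict access by key, as Mike's message suggests looking into, using the OpenSSH authorized_keys command= option with a wrapper that checks SSH_ORIGINAL_COMMAND. The wrapper path, the "incoming" drop directory and the key line are assumptions; the account must keep a normal login shell, since sshd runs the forced command through it.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed authorized_keys entry
# (wrapper path and key are placeholders):
#   command="/usr/local/bin/scp-only",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ssh-ed25519 <KEY> user@host
LC_ALL=C; export LC_ALL        # make the A-Z/a-z ranges below byte-exact
SCP=/usr/bin/scp               # same path as the scpsh script in the thread
DROP=incoming                  # hypothetical upload directory under $HOME

# Return 0 only for a legacy-protocol upload request of the form
#   scp [-r|-p|-d|-v]... -t incoming[/subpath]
scp_upload_ok() {
    case $1 in
        ''|*[!A-Za-z0-9\ /._-]*) return 1 ;;   # empty, or any shell metacharacter
    esac
    set -f; set -- $1; set +f                   # word-split without globbing
    [ "$1" = scp ] || return 1
    shift
    seen_t=0
    while [ $# -gt 1 ]; do                      # words before the last must be known flags
        case $1 in
            -t) seen_t=1 ;;                     # sink mode: the client is uploading
            -r|-p|-d|-v) ;;
            *) return 1 ;;                      # includes -f (download)
        esac
        shift
    done
    [ $# -eq 1 ] && [ "$seen_t" -eq 1 ] || return 1
    # Last word is the target. Confine it to the drop directory so an upload
    # cannot replace ~/.ssh/authorized_keys or the shell's startup files.
    case $1 in
        */..|*/../*) return 1 ;;
        "$DROP"|"$DROP"/*) return 0 ;;
    esac
    return 1
}

# sshd sets SSH_ORIGINAL_COMMAND to what the client asked to run. With no
# command (an interactive login) nothing below runs and the session just ends.
if [ -n "${SSH_ORIGINAL_COMMAND:-}" ]; then
    if scp_upload_ok "$SSH_ORIGINAL_COMMAND"; then
        set -f; set -- $SSH_ORIGINAL_COMMAND; shift
        exec "$SCP" "$@"
    fi
    echo "This key may only be used for scp uploads." >&2
    exit 1
fi
```

Keep authorized_keys owned by root or otherwise not writable by the restricted user. Clients from OpenSSH 9.0 on use the SFTP protocol by default and need scp -O to send the legacy command this wrapper matches.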